CVE-2025-38251

In the Linux kernel, the following vulnerability has been resolved:

atm: clip: prevent NULL deref in clip_push()

Blamed commit missed that vcc_destroy_socket() calls
clip_push() with a NULL skb.

If clip_devs is NULL, clip_push() then crashes when reading
skb->truesize.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
sid
vulnerable
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/3c709dce16999bf6a1d2ce377deb5dd6fdd8cb08
https://git.kernel.org/stable/c/88c88f91f4b3563956bb52e7a71a3640f7ece157
https://git.kernel.org/stable/c/a07005a77b18ae59b8471e7e4d991fa9f642b3c2
https://git.kernel.org/stable/c/b993ea46b3b601915ceaaf3c802adf11e7d6bac6
https://git.kernel.org/stable/c/ede31ad949ae0d03cb4c5edd79991586ad7c8bb8